My website just got shut down from Bluehost because they found a file that contained malware.

I removed the file and got activated at Bluehost again, however, now my site does not work because that file is missing. I therefore suspect that most of the file contains important functions, while there has been some malware code secretly inserted into some section of the code. However - I am not a programmer and have no idea which section of the code could be malware.

Can anyone here find the malware code so that I can remove it? Then I can get my site up and running again

/* * if debug - the constants are used to load the live color customizer (demo) and to remove the tf bar on ios devices */if (TD_DEBUG_LIVE_THEME_STYLE) { require_once('wp_booster/demo/td_theme_style.php' );}

// This is an example of how to include a plugin pre-packaged with a themearray('name' => 'WPBakery Visual Composer', // The plugin name'slug' => 'js_composer', // The plugin slug (typically the folder name)'source' => get_stylesheet_directory() . '/includes/plugins/js_composer.zip', // The plugin source'required' => true, // If false, the plugin is only 'recommended' instead of required'version' => '3.7', // E.g. 1.0.0. If set, the active plugin must be this version or higher, otherwise a notice is presented'force_activation' => false, // If true, plugin is activated upon theme activation and cannot be deactivated until theme switch'force_deactivation' => false, // If true, plugin is deactivated upon theme switch, useful for theme-specific plugins'external_url' => '', // If set, overrides default API URL and points to an external URL),

/** * Array of configuration settings. Amend each line as needed. * If you want the default strings to be available under your own theme domain, * leave the strings uncommented. * Some of the strings are added into a sprintf, so see the comments at the * end of each line for what each argument will be. */$config = array('domain' => $theme_text_domain, // Text domain - likely want to be the same as your theme.'default_path' => '', // Default absolute path to pre-packaged plugins'parent_menu_slug' => 'themes.php', // Default parent menu slug'parent_url_slug' => 'themes.php', // Default parent URL slug'menu' => 'install-required-plugins', // Menu slug'has_notices' => true, // Show admin notices or not'is_automatic' => false, // Automatically activate plugins after installation or not'message' => '', // Message to output right before the plugins table'strings' => array('page_title' => __( 'Install Required Plugins', $theme_text_domain ),'menu_title' => __( 'Install Plugins', $theme_text_domain ),'installing' => __( 'Installing Plugin: %s', $theme_text_domain ), // %1$s = plugin name'oops' => __( 'Something went wrong with the plugin API.', $theme_text_domain ),'notice_can_install_required' => _n_noop( 'This theme requires the following plugin: %1$s.', 'This theme requires the following plugins: %1$s.' ), // %1$s = plugin name(s)'notice_can_install_recommended' => _n_noop( 'This theme recommends the following plugin: %1$s.', 'This theme recommends the following plugins: %1$s.' ), // %1$s = plugin name(s)'notice_cannot_install' => _n_noop( 'Sorry, but you do not have the correct permissions to install the %s plugin. Contact the administrator of this site for help on getting the plugin installed.', 'Sorry, but you do not have the correct permissions to install the %s plugins. Contact the administrator of this site for help on getting the plugins installed.' ), // %1$s = plugin name(s)'notice_can_activate_required' => _n_noop( 'The following required plugin is currently inactive: %1$s.', 'The following required plugins are currently inactive: %1$s.' ), // %1$s = plugin name(s)'notice_can_activate_recommended' => _n_noop( 'The following recommended plugin is currently inactive: %1$s.', 'The following recommended plugins are currently inactive: %1$s.' ), // %1$s = plugin name(s)'notice_cannot_activate' => _n_noop( 'Sorry, but you do not have the correct permissions to activate the %s plugin. Contact the administrator of this site for help on getting the plugin activated.', 'Sorry, but you do not have the correct permissions to activate the %s plugins. Contact the administrator of this site for help on getting the plugins activated.' ), // %1$s = plugin name(s)'notice_ask_to_update' => _n_noop( 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s.', 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s.' ), // %1$s = plugin name(s)'notice_cannot_update' => _n_noop( 'Sorry, but you do not have the correct permissions to update the %s plugin. Contact the administrator of this site for help on getting the plugin updated.', 'Sorry, but you do not have the correct permissions to update the %s plugins. Contact the administrator of this site for help on getting the plugins updated.' ), // %1$s = plugin name(s)'install_link' => _n_noop( 'Begin installing plugin', 'Begin installing plugins' ),'activate_link' => _n_noop( 'Activate installed plugin', 'Activate installed plugins' ),'return' => __( 'Return to Required Plugins Installer', $theme_text_domain ),'plugin_activated' => __( 'Plugin activated successfully.', $theme_text_domain ),'complete' => __( 'All plugins installed and activated successfully. %s', $theme_text_domain ), // %1$s = dashboard link'nag_type' => 'updated' // Determines admin notice type - can only be 'updated' or 'error') );

tgmpa( $plugins, $config );

}}

do_action('td_wp_booster_loaded'); //used by our pluginsdo_action('td_wp_cake_loaded'); // DEPRECATED used by our plugins - makes old tagdiv plugins work with this theme

Since this Booster theme is a premium theme, my guess (based on past experience, not trying to accuse you) is you downloaded a "cracked" version from a warez site and it contains some sort of malware. The reason I'm guessing this is because we've had a number of web hosting clients do the same thing and it prompted us to set up an antivirus auto-scan of every account more often just to make sure people are discouraged from this sort of behavior.

If I'm right, then I hope you learned a valuable lesson, that nobody is going to give you a free premium theme without trying to get something in return (using your mail server, setting up a proxy, using other resources, etc).

If I'm wrong, then it could be the author of the theme either intentionally or unintentionally included some sketchy code that raised the eyebrows of Bluehost's AV system.